Redirect all URLs to new domain

configuration.nix

@@ -206,11 +206,6 @@ with pkgs;
       owner = "matrix-as-signal";
       group = "matrix-as-signal";
     };
-    secrets.acme = {
-      file = secrets/acme.age;
-      owner = "acme";
-      group = "nginx";
-    };
     secrets.inadyn-duckdns = {
       file = secrets/inadyn-duckdns.age;
       owner = "inadyn";
@@ -221,13 +216,23 @@ with pkgs;
       owner = "inadyn";
       group = "inadyn";
     };
+    secrets.acme-duckdns = {
+      file = secrets/acme-duckdns.age;
+      owner = "acme";
+      group = "nginx";
+    };
+    secrets.acme-porkbun = {
+      file = secrets/acme-porkbun.age;
+      owner = "acme";
+      group = "nginx";
+    };
     identityPaths = [ "/etc/ssh/id_ed25519" ];
   };
 
   # Auto-upgrade the system
   system.autoUpgrade = {
     enable = true;
-    flake = "/root/system";
+    flake = "/home/coolneng/system";
     flags = [
       "--update-input agenix --update-input nixpkgs"
       "--commit-lock-file"

modules/devops.nix

@@ -21,8 +21,8 @@
     settings = {
       server = {
         DISABLE_SSH = true;
-        DOMAIN = "git.coolneng.duckdns.org";
+        DOMAIN = "git.psydnd.org";
-        ROOT_URL = "https://git.coolneng.duckdns.org";
+        ROOT_URL = "https://git.psydnd.org";
       };
       service.DISABLE_REGISTRATION = true;
       session.COOKIE_SECURE = true;

modules/information.nix

@@ -10,10 +10,6 @@
   services.miniflux = {
     enable = true;
     adminCredentialsFile = config.age.secrets.miniflux.path;
-    config = {
-      BASE_URL = "https://rss.coolneng.duckdns.org";
-      DISABLE_HSTS = 1;
-    };
   };
 
   # Php-fpm pool for Wallabag

modules/monitoring.nix

@@ -81,7 +81,7 @@ with pkgs;
   services.grafana = {
     enable = true;
     settings.server = {
-      domain = "grafana.coolneng.duckdns.org";
+      domain = "grafana.psydnd.org";
       http_port = 9009;
       http_addr = "127.0.0.1";
     };

modules/networking.nix

@@ -37,19 +37,30 @@ in
   services.inadyn = {
     enable = true;
     interval = "*:0/30";
-    settings = {
+    settings.provider."duckdns" = {
-      provider."duckdns" = {
       hostname = "coolneng.duckdns.org";
       include = config.age.secrets.inadyn-duckdns.path;
     };
-      custom."porkbun.com" = {
-        ddns-server = "dynamicdns.park-your-domain.com";
-        ddns-path = "/update?domain=%u&password=%p&host=%h";
-        hostname = "psydnd.org";
-        include = config.age.secrets.inadyn-porkbun.path;
   };
+
+  # Dynamic DNS configuration for Porkbun
+  # NOTE Temporary workaround until Inadyn fixes the Porkbun module
+  services.oink = {
+    enable = true;
+    settings = {
+      apiKey = "PLACEHOLDER";
+      secretApiKey = "PLACEHOLDER";
+      interval = 1800;
     };
+    domains = [
+      {
+        domain = "psydnd.org";
+        subdomain = "";
+      }
+    ];
   };
+  # NOTE Load credentials using environment variables
+  systemd.services.oink.serviceConfig.EnvironmentFile = config.age.secrets.inadyn-porkbun.path;
 
   # Firewall configuration
   networking.firewall = {

modules/webstack.nix

@@ -34,15 +34,12 @@
       proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
     '';
     virtualHosts = {
+      # Old domain being redirected
       "coolneng.duckdns.org" = {
         useACMEHost = "coolneng.duckdns.org";
         forceSSL = true;
-        # Redirect from legacy subdirectory URL to subdomain
         locations = {
-          "/radicale/".return = "301 https://radicale.coolneng.duckdns.org";
+          "/".return = "301 https://psydnd.org$request_uri";
-          "/syncthing/".return = "301 https://sync.coolneng.duckdns.org";
-          "/gitea/".extraConfig = "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
-          "/miniflux/".extraConfig = "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
           # Delegation for Matrix
           "/.well-known/" = {
             alias = "${../well-known}" + "/";
@@ -54,9 +51,20 @@
           };
         };
       };
-      "radicale.coolneng.duckdns.org" = {
+      # Redirect subdomains
+      "~^(?<subdomain>.+)\.coolneng\.duckdns\.org$" = {
         useACMEHost = "coolneng.duckdns.org";
         forceSSL = true;
+        locations."/".return = "301 https://$subdomain.psydnd.org$request_uri";
+      };
+      # Current domain
+      "psydnd.org" = {
+        useACMEHost = "psydnd.org";
+        forceSSL = true;
+      };
+      "radicale.psydnd.org" = {
+        useACMEHost = "psydnd.org";
+        forceSSL = true;
         locations."/" = {
           proxyPass = "http://localhost:5232/";
           extraConfig = ''
@@ -65,30 +73,30 @@
           '';
         };
       };
-      "sync.coolneng.duckdns.org" = {
+      "sync.psydnd.org" = {
-        useACMEHost = "coolneng.duckdns.org";
+        useACMEHost = "psydnd.org";
         forceSSL = true;
         locations."/".proxyPass = "http://localhost:8384/";
       };
-      "git.coolneng.duckdns.org" = {
+      "git.psydnd.org" = {
-        useACMEHost = "coolneng.duckdns.org";
+        useACMEHost = "psydnd.org";
         forceSSL = true;
         locations."/" = {
           proxyPass = "http://localhost:3000/";
           extraConfig = ''
             ${config.services.nginx.commonHttpConfig}
             # Disable embedding as a frame, except from the same origin
-            add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org";
+            add_header Content-Security-Policy "frame-src git.psydnd.org; frame-ancestors git.psydnd.org";
           '';
         };
       };
-      "rss.coolneng.duckdns.org" = {
+      "rss.psydnd.org" = {
-        useACMEHost = "coolneng.duckdns.org";
+        useACMEHost = "psydnd.org";
         forceSSL = true;
         locations."/".proxyPass = "http://localhost:8080/";
       };
-      "matrix.coolneng.duckdns.org" = {
+      "matrix.psydnd.org" = {
-        useACMEHost = "coolneng.duckdns.org";
+        useACMEHost = "psydnd.org";
         forceSSL = true;
         listen = [
           # IPv4
@@ -116,18 +124,18 @@
         ];
         locations."~ ^(/_matrix|/_synapse/client)".proxyPass = "http://localhost:8008";
       };
-      "element.coolneng.duckdns.org" = {
+      "element.psydnd.org" = {
-        useACMEHost = "coolneng.duckdns.org";
+        useACMEHost = "psydnd.org";
         forceSSL = true;
         locations."/".root = pkgs.element-web.override {
           conf.default_server_config = {
-            "m.homeserver"."base_url" = "https://matrix.coolneng.duckdns.org";
+            "m.homeserver"."base_url" = "https://matrix.psydnd.org";
             "m.identity_server"."base_url" = "https://vector.im";
           };
         };
       };
-      "wallabag.coolneng.duckdns.org" = {
+      "wallabag.psydnd.org" = {
-        useACMEHost = "coolneng.duckdns.org";
+        useACMEHost = "psydnd.org";
         forceSSL = true;
         root = "${pkgs.wallabag}/web";
         locations = {
@@ -147,8 +155,8 @@
           };
         };
       };
-      "books.coolneng.duckdns.org" = {
+      "books.psydnd.org" = {
-        useACMEHost = "coolneng.duckdns.org";
+        useACMEHost = "psydnd.org";
         forceSSL = true;
         locations."/" = {
           proxyPass = "http://localhost:9000/";
@@ -159,8 +167,8 @@
           '';
         };
       };
-      "grafana.coolneng.duckdns.org" = {
+      "grafana.psydnd.org" = {
-        useACMEHost = "coolneng.duckdns.org";
+        useACMEHost = "psydnd.org";
         forceSSL = true;
         locations."/" = {
           proxyPass = "http://localhost:9009/";
@@ -177,10 +185,18 @@
       email = "akasroua@disroot.org";
       group = "nginx";
     };
-    certs."coolneng.duckdns.org" = {
+    certs = {
+      "coolneng.duckdns.org" = {
         domain = "*.coolneng.duckdns.org";
         dnsProvider = "duckdns";
-      environmentFile = config.age.secrets.acme.path;
+        environmentFile = config.age.secrets.acme-duckdns.path;
+      };
+      "psydnd.org" = {
+        domain = "psydnd.org";
+        extraDomainNames = [ "*.psydnd.org" ];
+        dnsProvider = "porkbun";
+        environmentFile = config.age.secrets.acme-porkbun.path;
+      };
     };
   };
 

secrets/acme-porkbun.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 iUaRGg 7JImhL2Wo/eJEwUGP+NhEf36yq5gHO9q1GYhY2HaMAY
+eAMhD0sqHQS+aayBpOsY8+081i72QAhJCFbBe0//uwU
+--- 4K8cXsDuWZrmWNJ+rz166ej9o/gLFc7CfJuzAsG0BxA
+|.þûÂ	f<><66>fã=î-ÏX$PÅ:
¦©¥ÜMB úzö÷ïÁ!7N7iže<C5BE>¹¦!—fËFÉ„’v³M"4R_wï|—GÝØtl»»<bQL}‰Ú‹¶õ#^Õ©ª
á¤júeòdœ®­iâ:F=ÿí÷éŠë‹[
<0A>®íÉd½Y´€“Z8]|îEÇwâ(·<> ö¸4¶Œ•æFx˜y8šI.´êKx»™øflç’ù1’ŸUû BÁ¨×3Û€5ÿÄ~Ã

secrets/inadyn-porkbun.age

@@ -1,6 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 iUaRGg mjl2NVhvZ+j87U5JLDcun7Lr7nUD9/Ci2mbZbcvn6hk
+-> ssh-ed25519 iUaRGg Fj/IEMc+EwPbxVYPdM1tUF0V1vL8F0yN7wPCTcDOoQI
-xzJaZDEwcZmd/qUGMWoFsj6ylsevriwlwVi8znyRpSk
+ORL8EAnKTo5Fot3qRDYClGvmtPliWA49aQWBpzqLFxo
---- IoNqE7dzWBlVySCznCJDS4KEOfBPazWvdzK2GmyQyIw
+--- FrEg81sAO/xlmYLGMqb9aF4o61J57Cqdb6Qoh7h2Zxg
-±hóâ_CA·~~ˆû¸;¶nDt]†]Òë•g…Š¨º¹<C2BA>
+ùɱw
Ò>xKø
}ÖЂg݇(“Ü‹O V°hˆç]r!wx1àúÜ™j!Ž}UÛ
„
-ïÃÒ|4´M6Y
gŒ¶ÝÆOã.–ð:ó\ÚNgƒ/Ö—ÛiÀuxïmbê«Ü=6•—{äª3åÊø
¹oMG;Ël^lÞµ`ŠBˆ¸™nêðLxïÈ|æ,d·Â2çÓ9´{*|öÅL;ßÉ!ø͜ܕVkØš$:4½qè–éÉGÄ ©ÙªŒi’€ÝÈÅ„A¶A
ÃËAÉ™½ì
+X¾BÇ	D™›¦ó«–A´ÿ¶c±¿Ãî¥âs<C3A2>äd¹]0Â[ziš0­é©ß¬"·½9À]¤Aŵåà1yîaßJÅwk³ Ò0Yîhð™6©\\W3<>:{1Ø'{ºátÛš>
îWŒÆõ®ÝšE±ODÂËŒ'Tœ#¬Œ>ÍPý]Þ?„d…ÈP…P8ê)”×å?è
+ˆßg73

secrets/secrets.nix

@@ -15,7 +15,8 @@ in
   "mqtt-receiver.age".publicKeys = [ zion ];
   "facebook.age".publicKeys = [ zion ];
   "signal.age".publicKeys = [ zion ];
-  "acme.age".publicKeys = [ zion ];
   "inadyn-duckdns.age".publicKeys = [ zion ];
   "inadyn-porkbun.age".publicKeys = [ zion ];
+  "acme-duckdns.age".publicKeys = [ zion ];
+  "acme-porkbun.age".publicKeys = [ zion ];
 }

well-known/matrix/client

@@ -1,5 +1,5 @@
 {
     "m.homeserver": {
-        "base_url": "https://matrix.coolneng.duckdns.org"
+        "base_url": "https://matrix.psydnd.org"
     }
 }

well-known/matrix/server

@@ -1 +1 @@
-{ "m.server": "matrix.coolneng.duckdns.org:443" }
+{ "m.server": "matrix.psydnd.org:443" }